.\" 058b0118 2005-01-03 devnull
.TH SECSTORE 1
.SH NAME
aescbc, secstore, ipso \- secstore commands
.SH SYNOPSIS
.B secstore
[
.B -s
.I server
]
[
.B -(g|G)
.I getfile
]
[
.B -p
.I putfile
]
[
.B -r
.I rmfile
]
[
.B -c
]
[
.B -u
.I user
]
[
.B -v
]
[
.B -i
]
.PP
.B aescbc
-e
.I <cleartext
.I >ciphertext
.br
.B aescbc
-d
.I <ciphertext
.I >cleartext
.PP
.B ipso
[
.B -a -e -l -f -s
] [
.I file
\&...
]
.PP
.SH DESCRIPTION
.PP
.I Secstore
authenticates to the server
using a password and optionally a hardware token,
then saves or retrieves a file.
This is intended to be a credentials store (public/private keypairs,
passwords, and other secrets) for a factotum.
.PP
Option
.B -p
stores a file on the secstore.
.PP
Option
.B -g
retrieves a file to the local directory;
option
.B -G
writes it to standard output instead.
Specifying
.I getfile
of . will send to standard output
a list of remote files with dates, lengths and SHA1 hashes.
.PP
Option
.B -r
removes a file from the secstore.
.PP
Option
.B -c
prompts for a password change.
.PP
Option
.B -v
produces more verbose output, in particular providing a few
bits of feedback to help the user detect mistyping.
.PP
Option
.B -i
says that the password should be read from standard input
instead of from
.BR /dev/cons .
.PP
Option
.B -n
says that the password should be read from NVRAM
instead of from
.BR /dev/cons .
This option is unsupported.
.PP
The server is
.BR tcp!$auth!5356 ,
or the server specified by option
.BR -s .
.PP
For example, to add a secret to the file read by
.IR factotum (4)
at startup, open a new window, type
.sp
.EX
% ramfs -p; cd /tmp
% auth/secstore -g factotum
secstore password:
% echo 'key proto=apop dom=x.com user=ehg !password=hi' >> factotum
% auth/secstore -p factotum
secstore password:
% read -m factotum > /mnt/factotum/ctl
.EE
.PP
and delete the window.
The first line creates an ephemeral memory-resident workspace,
invisible to others and automatically removed when the window is deleted.
The next three commands fetch the persistent copy of the secrets,
append a new secret,
and save the updated file back to secstore.
The final command loads the new secret into the running factotum.
.PP
The
.I ipso
command packages this sequence into a convenient script to simplify editing of
.I files
stored on a secure store.
It copies the named
.I files
into a local
.IR ramfs (4)
and invokes
.IR acme (1)
on them. When the editor exits,
.I ipso
prompts the user to confirm copying modified or newly created files back to
.IR secstore .
If no
.I file
is mentioned,
.I ipso
grabs all the user's files from
.I secstore
for editing.
.PP
By default, ipso will edit the
.I secstore
files and, if
one of them is named
.BR factotum ,
flush your current keys from factotum and load
the new ones from the file.
If you supply any of the
.BR -e ,
.BR -f ,
or
.BR -l
options,
.I ipso
will just perform the operations you requested, i.e.,
edit, flush, and/or load.
.PP
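The edit cycle that
.I ipso
packages (fetch the files into an ephemeral workspace, edit, then write back only what changed) is shown here as an added example; it is not plan9port's own
.I ipso
script, nor the command sequence above. It assumes a local directory standing in for the secstore server (there is no network or password step), leaves the editing to whatever modifies the workspace, and keeps the documented rule that with
.B -a
newly created files are ignored.

```shell
#!/bin/sh
# Added example, not plan9port code: an ipso-like edit cycle run against a
# local directory that stands in for secstore (assumption: STORE is a plain
# directory rather than the auth/secstore server; WORK is the workspace that
# ipso would create with ramfs).

# ipso_fetch STORE WORK: copy every file held in STORE into WORK.
# This is the "auth/secstore -g" step of the cycle.
ipso_fetch() {
    store=$1; work=$2
    mkdir -p "$work"
    for f in "$store"/*; do
        [ -f "$f" ] && cp "$f" "$work/"
    done
    return 0
}

# ipso_changed STORE WORK [aes]: print one "modified NAME" or "new NAME"
# line for each file in WORK that is not byte-identical to STORE's copy.
# Passing "aes" as the third argument mirrors ipso -a: new files are ignored.
ipso_changed() {
    store=$1; work=$2; mode=${3:-}
    for f in "$work"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        if [ ! -f "$store/$name" ]; then
            [ "$mode" = aes ] || printf 'new %s\n' "$name"
        elif ! cmp -s "$f" "$store/$name"; then
            printf 'modified %s\n' "$name"
        fi
    done
}

# ipso_commit STORE WORK [aes]: write back only the changed files
# (the "auth/secstore -p" step) and print the name of each file written.
ipso_commit() {
    store=$1; work=$2; mode=${3:-}
    ipso_changed "$store" "$work" "$mode" | while read -r kind name; do
        cp "$work/$name" "$store/$name" && printf '%s\n' "$name"
    done
}

# ipso_cleanup WORK: discard the workspace, as deleting the ramfs window does.
ipso_cleanup() {
    rm -rf "$1"
}

# Stand-alone run on constructed data: a store holding a factotum file and
# a workspace in which that file gains a key and a new file appears.
if [ "${1:-}" = demo ]; then
    S=$(mktemp -d); W=$(mktemp -d)
    printf 'key proto=apop dom=x.com user=ehg !password=hi\n' > "$S/factotum"
    ipso_fetch "$S" "$W"
    printf 'key proto=pass user=demo !password=demo\n' >> "$W/factotum"
    printf 'new secret file\n' > "$W/notes"
    echo "to write back:"; ipso_changed "$S" "$W"
    echo "written:"; ipso_commit "$S" "$W"
    ipso_cleanup "$W"; rm -rf "$S"
fi
```

Run it as
.B "sh ipso-cycle.sh demo"
(a hypothetical file name). Unlike the real cycle, where the workspace is a
.IR ramfs (4)
that vanishes with the window, the stand-in directories here are ordinary files on disk, which is why the script removes both of them before exiting.
.PP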
The
.B -s
option of
.I ipso
invokes
.IR sam (1)
as the editor instead of
.BR acme ;
the
.B -a
option provides a similar service for files encrypted by
.I aescbc
.RI ( q.v. ).
With the
.B -a
option, the full rooted pathname of the
.I file
must be specified and all
.I files
must be encrypted with the same key.
Also with
.BR -a ,
newly created files are ignored.
.PP
.I Aescbc
encrypts and decrypts using AES (Rijndael) in cipher
block chaining (CBC) mode.
.SH SOURCE
.B /usr/local/plan9/src/cmd/secstore
.SH SEE ALSO
.IR factotum (4),
Plan 9's \fIsecstore\fR(8)
.SH BUGS
There is deliberately no backup of files on the secstore, so
.B -r
(or a disk crash) is irrevocable. You are advised to store
important secrets in a second location.
.PP
When using
.IR ipso ,
secrets will appear as plain text in the editor window,
so use the command in private.